Foolproof GDPR: Must Knows Before May 25th

GDPR seems to be on the tip of everyone's tongue right now. There's a lot of information swimming around, and much of it is causing ambiguity. This GDPR overview is a concise and clear run-down of what it means.


First things first, GDPR is an acronym for General Data Protection Regulation. It’s a new set of guidelines being implemented by the European Union to make sure that the way each EU citizen’s data is being handled is clear to them. This is important because there are around 500 million internet users across Great Britain and the EU (GDPR requirements apply to GB too).

They will be put into force on the 25th May 2018 and must be followed by all companies operating in the EU - even those based outside of Europe. That means it isn't a choice: compliance is mandatory, and any breaches will result in heavy fines.

So what is it?

Well it’s not a brand new thing, it has been in the pipeline since 2012 and the guidelines were formally agreed upon in 2016. The date of implementation however is nearing and that’s why we’re being inundated with its name.

There are 99 separate articles that make up GDPR, but the condensed version is that GDPR aims to put the rights of the customer first by making the following compulsory:

Language - No more jargon or "legalese" is allowed. Language must be plain and clear, understandable even to a layperson.

Clear consent - Using contact details to send updates and offers must only happen if the customer has consented using a clear opt-in setup.

Breach Notification - If data handling is breached, the authorities must be notified within 72 hours of noticing the breach.

Right to Access - Data collectors must provide a full copy of all of the data when requested by the individual.

Right to be Forgotten - All stored data on any individual must be cleared if and when asked.

Privacy by Design - Only necessary information is to be collected, and it is only to be accessed by people who are a necessary part of the processing.

Centrally Located Data - Data will no longer be dispersed across many systems; it will all be collated in one spot for seamless security.

Personal Details - There will be an increased scope of "personal data" to include political views, sexual orientation and health data, as well as name, address and phone number as before.

To find out more about the guidelines you can read about it on the EU’s GDPR homepage or by viewing this handy infographic.


If you would like to learn more about Clerk.io's GDPR compliance, click here:

GDPR compliance


These guidelines mean different things for different people, depending on their original data privacy settings.

Things you can no longer do include:

Refer a friend campaigns - if that friend has not expressly given consent to receive mail

Notify only - Simply telling customers how you will treat their data is no longer good enough - you must get consent through e.g. a tick-box

Segment using personal data - Identifying internet users by their political or sexual preferences or even health status is disallowed

So, does this affect the way you can tailor personalised recommendations? 

No. It doesn't affect the way you use personalised recommendations within your webshop, because no personal data (even under the updated definition of what personal data means) are collected to make these recommendations. Plus, as long as you make sure that you ask customers to subscribe to any email communication, it won't affect how you send out these recommendations either.

The same goes for segmentation: if your email is already GDPR compliant, using tools such as segmentation will naturally also be compliant, because, again, they remain compliant as long as they don't use personal details (as per the new definition). Customer behaviour such as purchase history is fine to use.

Make sure when you are managing these functions, internally or externally, you are GDPR compliant from 25/05/2018. A good external provider will already be updating their terms and conditions and will be making them clear to you!


If you'd like to learn more about the benefits of Clerk.io, click here to read a Case Story:

Get your BilligVVS case study